[[!toc]]
# Introduction
This tutorial aims at showing how you can build, setup, upload and launch NetBSD under the [Amazon EC2](http://aws.amazon.com/ec2/) service.
# Subscribe to AWS (Amazon Web Services)
If you already have an account for [Amazon Web Services](http://aws.amazon.com/), and you are a registered user for EC2 service, you can directly jump to section [What do you need to know](#index2h2). If not, keep reading.
## Quick overview
Before you can start playing with Amazon EC2, you have to create an account on Amazon Web Services, of which EC2, the Elastic Compute Cloud, is part. This is fairly straightforward, and done in two steps:
1. you "sign-up" directly on [Amazon Web Services](http://aws.amazon.com/) home-page. This is where you enter your credentials, and confirm your AWS account registration.
1. you sign-up to EC2 through [EC2 AWS home-page](http://aws.amazon.com/ec2/). You will be asked some more information, like a credit card (for billing), and a phone-number, for account validation.
## What do you need to know
EC2 uses different types of credentials. In addition to your login and password, you need an access key, a X.509 certificate (with its private key), and a pair of RSA keys, for remote SSH access.
These can be created through the [Security Credentials](https://aws-portal.amazon.com/gp/aws/developer/account/index.html?ie=UTF8&action=access-key) page (also accessible from the [Account](http://aws.amazon.com/account/) page):
1. create the access key. Keep a secured copy of the ID and its associated secret value. These will be used by various scripts later on to perform certain EC2 actions.
1. note down your account number (different from your access key ID!). This identifier can usually be obtained in the right top part of the page; it is a serie of numbers, separated with dashes: XXXX-XXXX-XXXX.
1. create, or upload, a X.509 certificate, in PEM format. Keep the private key in a safe place.
1. lastly, generate Amazon EC2 key pairs that will be used for SSH access. This step will be performed through the [Amazon Management Console](https://console.aws.amazon.com/ec2/home).
### Keep your credentials!
The different credentials created above will be used in various places of EC2, and by a myriad of commands. You are advised to keep them easily accessible, while still reasonably secure regarding their access. Most EC2 tools expect them to be find through a set of environment variables.
For convenience, you could store them under a **.ec2** directory inside your *$HOME*:
[[!template id=programlisting text="""
$ ls .ec2/
cert-SOMERANDOMKEY.pem # the X.509 certificate
id_rsa.ec2 # private RSA SSH key
id_rsa.ec2.pub # public RSA SSH key
pk-SOMERANDOMKEY.pem # the private key associated to the certificate
"""]]
then set the environment accordingly:
[[!template id=programlisting text="""
export EC2_PRIVATE_KEY=$HOME/.ec2/pk-SOMERANDOMKEY.pem
export EC2_CERT=$HOME/.ec2/cert-SOMERANDOMKEY.pem
export EC2_SSH_KEY=$HOME/.ec2/id_rsa.ec2
export EC2_ACCOUNT_NUM=XXXX-XXXX-XXXX
export EC2_ACCESS_KEY=MYACCESSKEYID
export EC2_SECRET_KEY=MYSECRETACCESSKEY
"""]]
Please note that the rest of the tutorial will assume that these variables are set.
### EC2 vocabulary -- last notes
Before starting to play with EC2, you need to be familiar with the EC2 vocabulary used throughout this tutorial.
Briefly said, EC2 uses [Xen](http://www.xen.org) as virtualization solution. So, in essence, all operating systems that support Xen para-virtualization can theoretically run inside EC2, as a domU. This is the case for NetBSD; however, please note that only amd64 is currently supported. Work is on-going to support 32 bits for EC2.
All operating systems are run as *instances*, which are, as their name implies, the instantiation of a specific AMI, or *Amazon Machine Image*. An AMI is an image built from specific *snapshots* of *volumes*. The volumes are part of [Elastic Block Storage](http://aws.amazon.com/ebs/) (or EBS for short), which is another service offered by AWS, distinct from EC2.
AKI, or *Amazon Kernel Image*, are a specific type of image. It represents the Xen guest para-virtualized kernel, as used by an AMI. Certain AKIs are allowed to boot customized operating systems, e.g. those that are still not officially supported by Amazon. Thanks to [PyGrub](http://wiki.xensource.com/xenwiki/PyGrub), it can boot a kernel that resides inside an AMI's snapshot.
# Building up your first AMI (Amazon Image)
## Pre-built AMIs
(For the future) Once NetBSD has decent support for Amazon EC2, we will publish the AMI identifiers so you can quickly boot up in a NetBSD environment without going through all the steps given below.
## Fetch and build the operating system
## Customizations
### For EC2
### For your own needs
## Upload your OS
### Create an Amazon Linux AMI instance
### Upload your files
### Snapshots!
### Shutdown the instance
## Create your customized AMI
# Play with your first NetBSD instance
## Create the instance
## Connect to it
## And now?